Red Team Engineer
State Street · Quincy, MA · 5 days ago
Information Technology$120k–$203k/yrFull-time
About the role
The Red Team Engineer serves as a core technical contributor for adversary-emulation, threat-informed security testing, and controlled offensive security operations within the Global Cyber Security group at State Street.
Responsibilities
- Execute authorized adversary-emulation activities to assess defenses, security controls, and organizational resilience.
- Conduct targeted security assessments across applications, infrastructure, cloud platforms, and enterprise technologies.
- Collaborate with cybersecurity, technology, and risk stakeholders to develop realistic, threat-informed testing scenarios.
- Evaluate detection and response capabilities and support improvement through coordinated purple-team activities.
- Operate within defined approval processes, scopes, authorization boundaries, and safe-testing protocols.
- Develop or adapt tools and techniques to support realistic testing, ensuring secure and compliant usage.
- Produce clear, audit-ready reporting and support remediation to reduce identified risks and strengthen defenses.
Qualifications
- Strong proficiency in offensive security techniques, including infrastructure, application, and cloud-focused penetration testing.
- Deep understanding of adversary behaviors and attack frameworks (e.g., MITRE ATT&CK) to inform realistic testing scenarios.
- Familiarity with modern security tooling, assessment utilities, and red-team-oriented testing methodologies.
- Broad technical knowledge across networks, operating systems, identity systems, cloud services, and security controls.
- Demonstrated analytical ability to identify core issues, interpret risk, and propose practical, evidence-driven solutions.
- Strong organizational, time-management, and prioritization skills in dynamic and high-pressure environments.
- Ability to work independently while collaborating effectively with technical and non-technical stakeholders.
- Commitment to maintaining awareness of emerging threats, vulnerabilities, and offensive security trends.
- High attention to detail and consistent delivery of accurate, high-quality work.
- Clear and professional communication skills, including the ability to simplify complex technical concepts.
- Prioritize handling sensitive information responsibly and operating with discretion and professionalism.
Skills
- Strong proficiency in offensive security techniques, including infrastructure, application, and cloud-focused penetration testing.
- Deep understanding of adversary behaviors and attack frameworks (e.g., MITRE ATT&CK) to inform realistic testing scenarios.
- Familiarity with modern security tooling, assessment utilities, and red-team-oriented testing methodologies.
- Broad technical knowledge across networks, operating systems, identity systems, cloud services, and security controls.
- Demonstrated analytical ability to identify core issues, interpret risk, and propose practical, evidence-driven solutions.
- Strong organizational, time-management, and prioritization skills in dynamic and high-pressure environments.
- Ability to work independently while collaborating effectively with technical and non-technical stakeholders.
- Commitment to maintaining awareness of emerging threats, vulnerabilities, and offensive security trends.
- High attention to detail and consistent delivery of accurate, high-quality work.
- Clear and professional communication skills, including the ability to simplify complex technical concepts.
- Prioritize handling sensitive information responsibly and operating with discretion and professionalism.